Exam 312-50v12 topic 1 question 111 discussion

A. Diversion theft: A technique involving distraction to commit theft or stealing. B. Quid pro quo: An exchange where one party provides value in return for a benefit. C. Elicitation: Gathering information through skilled questioning or social engineering. D. Phishing: Fraudulent technique using deception to obtain sensitive information.

Correct B: Quid pro quo CEH Book v12 Page 1341 Attackers call numerous random numbers within a company, claiming to be from technical support. They offer their service to end users in exchange for confidential data or login credentials

The social engineering technique employed by Johnson in the scenario you described is more aligned with **"Quid pro quo."** In this context, the attacker pretends to be from a legitimate source (a technical support team) and offers a service (warning about an impending server compromise) in exchange for the victim taking specific actions (executing unusual commands and installing malicious files). This technique often involves an exchange where the attacker provides a benefit or service to the victim, who in turn provides sensitive information or access. While "Elicitation" refers to techniques used to gather information without the victim realizing it, in this case, the direct exchange and manipulation for a specific action suggest that Quid pro quo is a better fit.

B. Quid pro quo In this scenario, Johnson pretends to be from a technical support team and warns the target about a supposed threat. He then instructs the target to execute certain commands and install malicious files, offering the supposed benefit of preventing a server compromise. This exchange of providing help in return for the execution of malicious instructions is characteristic of quid pro quo in social engineering.

Quid Pro Quo Quid pro quo is a Latin phrase that meaning “something for something.” In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials. CEHv12 Module 09 Social Engineering Page 1348

B. Quid pro quo

In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials

Quid Pro Quo an attacker gathers random phone numbers of the employees of a target organization. They then start calling each number, pretending to be from the IT department. The attacker eventually finds someone with a genuine technical issue and offers their service to resolve it. The attacker can then ask the victim to follow a series of steps and to type in the specific commands to install and launch malicious files that contain malware designed to collect sensitive information

definetly C. elicitation: In requirements engineering, requirements elicitation is the practice of researching and discovering the requirements of a system from users, customers, and other stakeholders. The practice is also sometimes referred to as "requirement gathering".

The correct option is C. Elicitacion. Steve uses persuasion and manipulation to extract sensitive information from the victim. Where is the Quid pro quo? The victim dont get nothing!

same page as fortinetmaster => yeah we have the same book ;-)

B. Quid pro quo CEH Book v12 Module 09 Page 905 "Quid pro quo is a Latin phrase that meaning “something for something.” In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials."

B. Quid pro quo. In this technique, the attacker offers something of value, in this case, a warning about a compromised server, in exchange for access or information. In this case, Johnson offered to help the victim prevent an attack in progress, but in reality, he was using the opportunity to install malware and steal sensitive information.